On Sat, 9 Jul 2005, Dan Schrager wrote:
> I could (only) guess that there is another site that tries to hold all
> hosts on a single private wire...
Indeed: the changes were prompted by a few sites in Ireland where it was
quite undesirable to change the network configuration. The new code has
proven to solve their immediate problem.
> I hope that the new edg-gridftpd version will tell clients its public IP
> address (in a PASV protocol exchange) and that it won't attempt to
> actually use a public address for data transfers because it would surely
> fail (probably in a bind() call) on a host with only a private
> interface (and lo).
If the data address is explicitly configured as I described in my other
message, it will _always_ use it in response to a PASV command, because
the server cannot predict if the address is going to be used for a local
transfer (WN --> SE) or a remote 3rd party transfer (remote SE --> SE).
This means that a WN _must_ have a routing entry to the public address
of the site's own SE. I suppose some clever NAT/iptables configuration
can get the public address translated into the private address when it
happens to be used on the private network (WN --> SE)?
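
The consequence described above can be checked from a client by comparing the address in the 227 reply with the client's own address. The following is an added example, not part of the original message and not edg-gridftpd code; the function names, verdict strings and sample addresses are constructed for illustration (192.0.2.10 and 198.51.100.7 are documentation addresses standing in for public ones).

```python
import ipaddress
import re

# RFC 1918 private ranges, checked explicitly so that documentation
# addresses used as stand-ins for public ones are not treated as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 passive reply carries h1,h2,h3,h4,p1,p2 as decimal bytes.
_PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply line."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("no host/port tuple in reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in reply: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_data_path(reply, control_peer, client_addr):
    """Classify the data connection a client would open after this reply."""
    data_ip, port = parse_pasv(reply)
    client = ipaddress.IPv4Address(client_addr)
    if data_ip == ipaddress.IPv4Address(control_peer):
        verdict = "same-as-control"
    elif is_rfc1918(client) and not is_rfc1918(data_ip):
        # WN --> SE case: the WN needs a route (or NAT) to the public address
        verdict = "private-client-needs-route-to-public"
    elif not is_rfc1918(client) and is_rfc1918(data_ip):
        verdict = "public-client-cannot-reach-private"
    else:
        verdict = "differs-from-control"
    return {"data_ip": str(data_ip), "port": port, "verdict": verdict}
```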